<!DOCTYPE html>
<html lang="zh-CN" dir="ltr">
    <head><meta charset='utf-8'>
<meta name='viewport' content='width=device-width, initial-scale=1'><meta name='description' content='一 php后门木马常用的函数大致上可分为四种类型： 执行系统命令: system, passthru, shell_exec, exec, popen, proc_open 代码执行与加密: eval, assert, call_user_func,base64_decode, gzinflate, gzuncompress, gzdecode, str_rot13 文件包含与生成: require, require_once, include, include_once, file_get_contents, file_put_contents, fputs, fwrite .htaccess: SetHandler,'>
<title>Eval PHP</title>

<link rel='canonical' href='/p/eval-php/'>

<link rel="stylesheet" href="/scss/style.min.56b4b4efdee21dd7cd9a6ec6cdb1882f71985765df9c7591a90716c58b48f4c5.css"><meta property='og:title' content='Eval PHP'>
<meta property='og:description' content='一 php后门木马常用的函数大致上可分为四种类型： 执行系统命令: system, passthru, shell_exec, exec, popen, proc_open 代码执行与加密: eval, assert, call_user_func,base64_decode, gzinflate, gzuncompress, gzdecode, str_rot13 文件包含与生成: require, require_once, include, include_once, file_get_contents, file_put_contents, fputs, fwrite .htaccess: SetHandler,'>
<meta property='og:url' content='/p/eval-php/'>
<meta property='og:site_name' content='良宏'>
<meta property='og:type' content='article'><meta property='article:section' content='Post' /><meta property='article:tag' content='eval' /><meta property='article:tag' content='PHP' /><meta property='article:published_time' content='2019-06-04T15:57:25&#43;08:00'/><meta property='article:modified_time' content='2019-06-04T15:57:25&#43;08:00'/>
<meta name="twitter:title" content="Eval PHP">
<meta name="twitter:description" content="一 php后门木马常用的函数大致上可分为四种类型： 执行系统命令: system, passthru, shell_exec, exec, popen, proc_open 代码执行与加密: eval, assert, call_user_func,base64_decode, gzinflate, gzuncompress, gzdecode, str_rot13 文件包含与生成: require, require_once, include, include_once, file_get_contents, file_put_contents, fputs, fwrite .htaccess: SetHandler,">
    </head>
    <body class="
    article-page
    ">
    <script>
        (function() {
            const colorSchemeKey = 'StackColorScheme';
            if(!localStorage.getItem(colorSchemeKey)){
                localStorage.setItem(colorSchemeKey, "auto");
            }
        })();
    </script><script>
    (function() {
        const colorSchemeKey = 'StackColorScheme';
        const colorSchemeItem = localStorage.getItem(colorSchemeKey);
        const supportDarkMode = window.matchMedia('(prefers-color-scheme: dark)').matches === true;

        if (colorSchemeItem == 'dark' || colorSchemeItem === 'auto' && supportDarkMode) {
            

            document.documentElement.dataset.scheme = 'dark';
        } else {
            document.documentElement.dataset.scheme = 'light';
        }
    })();
</script>
<div class="container main-container flex on-phone--column extended"><aside class="sidebar left-sidebar sticky ">
    <button class="hamburger hamburger--spin" type="button" id="toggle-menu" aria-label="切换菜单">
        <span class="hamburger-box">
            <span class="hamburger-inner"></span>
        </span>
    </button>

    <header>
        
            
            <figure class="site-avatar">
                <a href="/">
                
                    
                    
                    
                        
                        <img src="/img/wx_150x150_hub08581134c092243b209205c3073808c_6075_300x0_resize_q75_box.jpeg" width="300"
                            height="300" class="site-logo" loading="lazy" alt="Avatar">
                    
                
                </a>
                
                    <span class="emoji">🍥</span>
                
            </figure>
            
        
        
        <div class="site-meta">
            <h1 class="site-name"><a href="/">良宏</a></h1>
            <h2 class="site-description">好好学习，天天向上。</h2>
        </div>
    </header><ol class="menu" id="main-menu">
        
        
        
        <li >
            <a href='/' >
                
                
                
                    <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-home" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <polyline points="5 12 3 12 12 3 21 12 19 12" />
  <path d="M5 12v7a2 2 0 0 0 2 2h10a2 2 0 0 0 2 -2v-7" />
  <path d="M9 21v-6a2 2 0 0 1 2 -2h2a2 2 0 0 1 2 2v6" />
</svg>



                
                <span>Home</span>
            </a>
        </li>
        
        
        <li >
            <a href='/about/' >
                
                
                
                    <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-user" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <circle cx="12" cy="7" r="4" />
  <path d="M6 21v-2a4 4 0 0 1 4 -4h4a4 4 0 0 1 4 4v2" />
</svg>



                
                <span>About</span>
            </a>
        </li>
        
        
        <li >
            <a href='/archives/' >
                
                
                
                    <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-archive" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <rect x="3" y="4" width="18" height="4" rx="2" />
  <path d="M5 8v10a2 2 0 0 0 2 2h10a2 2 0 0 0 2 -2v-10" />
  <line x1="10" y1="12" x2="14" y2="12" />
</svg>



                
                <span>Archives</span>
            </a>
        </li>
        
        
        <li >
            <a href='/search/' >
                
                
                
                    <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-search" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <circle cx="10" cy="10" r="7" />
  <line x1="21" y1="21" x2="15" y2="15" />
</svg>



                
                <span>Search</span>
            </a>
        </li>
        

        <div class="menu-bottom-section">
            
            
                <li id="dark-mode-toggle">
                    <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-toggle-left" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <circle cx="8" cy="12" r="2" />
  <rect x="2" y="6" width="20" height="12" rx="6" />
</svg>



                    <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-toggle-right" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <circle cx="16" cy="12" r="2" />
  <rect x="2" y="6" width="20" height="12" rx="6" />
</svg>



                    <span>暗色模式</span>
                </li>
            
        </div>
    </ol>
</aside>

    

            <main class="main full-width">
    <article class="main-article">
    <header class="article-header">

    <div class="article-details">
    
    <header class="article-category">
        
            <a href="/categories/tech/" style="background-color: blueviolet; color: #fff;">
                Tech
            </a>
        
    </header>
    

    <div class="article-title-wrapper">
        <h2 class="article-title">
            <a href="/p/eval-php/">Eval PHP</a>
        </h2>
    
        
    </div>

    
    
    
    
    <footer class="article-time">
        
            <div>
                <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-calendar-time" width="56" height="56" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <path d="M11.795 21h-6.795a2 2 0 0 1 -2 -2v-12a2 2 0 0 1 2 -2h12a2 2 0 0 1 2 2v4" />
  <circle cx="18" cy="18" r="4" />
  <path d="M15 3v4" />
  <path d="M7 3v4" />
  <path d="M3 11h16" />
  <path d="M18 16.496v1.504l1 1" />
</svg>
                <time class="article-time--published">Jun 04, 2019</time>
            </div>
        

        
            <div>
                <svg xmlns="http://www.w3.org/2000/svg" class="icon icon-tabler icon-tabler-clock" width="24" height="24" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" fill="none" stroke-linecap="round" stroke-linejoin="round">
  <path stroke="none" d="M0 0h24v24H0z"/>
  <circle cx="12" cy="12" r="9" />
  <polyline points="12 7 12 12 15 15" />
</svg>



                <time class="article-time--reading">
                    阅读时长: 4 分钟
                </time>
            </div>
        
    </footer>
    

    
</div>

</header>

    <section class="article-content">
    
    
    <p>一</p>
<p>php后门木马常用的函数大致上可分为四种类型：</p>
<ol>
<li>
<p>执行系统命令: system, passthru, shell_exec, exec, popen, proc_open</p>
</li>
<li>
<p>代码执行与加密: eval, assert, call_user_func,base64_decode, gzinflate, gzuncompress, gzdecode, str_rot13</p>
</li>
<li>
<p>文件包含与生成: require, require_once, include, include_once, file_get_contents, file_put_contents, fputs, fwrite</p>
</li>
<li>
<p>.htaccess: SetHandler, auto_prepend_file, auto_append_file</p>
</li>
</ol>
<p>二</p>
<p>想找一个 关键词是“hellow word” 在哪些文件中有，我们用grep命令</p>
<p>grep &ndash;color -i -r -n &ldquo;hellow word&rdquo;  /data/www/</p>
<p>这样就能搜索出来 文件中包含关键词的文件</p>
<p>&ndash;color是关键词标红</p>
<p>-i是不区分大小写
-r是包含子目录的搜索
-d skip忽略子目录</p>
<p>可以用以上命令查找网站项目里的带有挂马的文件</p>
<p>三</p>
<p>.两个查后门的实用linux命令：
find /data/web/website/ -iname <em>.php -mtime -35 找出/data/web/website/目录下 35分钟前新建的php
find /data/web/website/ -name “</em>.php” | xargs grep “eval($_POST[” 找出/data/web/website/ 里面源码包含eval($_POST[的php文件  (注意：POST后面可能需要转义符“\”，否则有可能不能执行）</p>
<p>四.</p>
<p>例如</p>
<p>注入漏洞eval(base64_decode</p>
<p>grep &ndash;color -i -r -n &ldquo;eval&rdquo;  /data/www/   找出来对比以前正常的代码，看是否正常。然后用stat查看这个木马文件的修改时间，最后去寻找WEB日志，找出木马从哪里进来的</p>
<p>eg: grep &ndash;color -i -r -n &rsquo;eval($_POST&rsquo;  cncar/ </p>
<p>五：</p>
<p>实用查找PHP木马命令：</p>
<p>查找PHP木马</p>
<h1 id="find---name-php-xargs-egrep-phpspyc99shmilw0rmevalgunerpressevalbase64_decoolcodespider_bc-tmpphptxt">find ./ -name &ldquo;*.php&rdquo; |xargs egrep &ldquo;phpspy|c99sh|milw0rm|eval(gunerpress|eval(base64_decoolcode|spider_bc&rdquo;&gt; /tmp/php.txt</h1>
<p> </p>
<h1 id="grep--r---includephp-a-zeval_post---tmpevaltxt">grep -r &ndash;include=*.php  &lsquo;[^a-z]eval($_POST&rsquo; . &gt; /tmp/eval.txt</h1>
<p> </p>
<h1 id="grep--r---includephp-file_put_contents_post">grep -r &ndash;include=<em>.php  &lsquo;file_put_contents(.</em>$_POST</h1>
<p>.∗
.∗
);&rsquo; . &gt; /tmp/file_put_contents.txt
 </p>
<h1 id="find---name-php--type-f--print0--xargs--0-egrep-phpspyc99shmilw0rmevalgzuncompressbase64_decoolcodeevalbase64_decoolcodespider_bcgzinflate--awk--f-print-1--sort--uniq">find ./ -name &ldquo;*.php&rdquo; -type f -print0 | xargs -0 egrep &ldquo;(phpspy|c99sh|milw0rm|eval(gzuncompress(base64_decoolcode|eval(base64_decoolcode|spider_bc|gzinflate)&rdquo; | awk -F: &lsquo;{print $1}&rsquo; | sort | uniq</h1>
<p>查找最近一天被修改的PHP文件</p>
<p>#   find -mtime -1 -type f -name *.php
修改网站的权限</p>
<h1 id="find--type-f--name-php--exec-chmod-444--">find -type f -name *.php -exec chmod 444 {} ;</h1>
<p> </p>
<h1 id="find---type-d--exec-chmod-555-">find ./ -type d -exec chmod 555{} ;</h1>
<p>假设最后更新是10天前我们可以查找10天内生成的可以php文件:</p>
<p>find /var/www/ -name “*.php” -mtime -10</p>
<p>也可以通过关键字的形式查找 常见的木马常用代码函数 eval,shell_exec,passthru,popen,system</p>
<p>find /var/www/ -name “<em>.php” |xargs grep “eval” |more
find /var/www/ -name “</em>.php” |xargs grep “shell_exec” |more
find /var/www/ -name “*.php” |xargs grep “passthru” |more</p>
<p>还有查看access.log 当然前提是你网站的所有php文件不是很多的情况下</p>
<p>一句话查找PHP木马</p>
<h1 id="find---name-php-xargs-egrep-phpspyc99shmilw0rmevalgunerpressevalbase64_decodespider_bc-tmpphptxt">find ./ -name “*.php” |xargs egrep “phpspy|c99sh|milw0rm|eval(gunerpress|eval(base64_decode|spider_bc”&gt; /tmp/php.txt</h1>
<h1 id="grep--r-includephp-a-zeval_post---tmpevaltxt">grep -r –include=*.php ’[^a-z]eval($_POST’ . &gt; /tmp/eval.txt</h1>
<h1 id="grep--r-includephp-file_put_contents_post---tmpfile_put_contentstxt">grep -r –include=<em>.php ’file_put_contents(.</em>$_POST[.*]);’ . &gt; /tmp/file_put_contents.txt</h1>
<h1 id="find---name-php--type-f--print0--xargs--0-egrep-phpspyc99shmilw0rmevalgzuncompressbase64_decodeevalbase64_decodespider_bcgzinflate--awk--f-print-1--sort--uniq">find ./ -name “*.php” -type f -print0 | xargs -0 egrep “(phpspy|c99sh|milw0rm|eval(gzuncompress(base64_decode|eval(base64_decode|spider_bc|gzinflate)” | awk -F: ‘{print $1}’ | sort | uniq</h1>
<p>查找最近一天被修改的PHP文件</p>
<h1 id="find--mtime--1--type-f--name-php">find -mtime -1 -type f -name *.php</h1>
<p>六</p>
<p>以下其实是多余的操作了其实，但是还是有值得看的地方</p>
<p>，检查代码。</p>
<p>肯定不是一个文件一个文件的检查，Linxu有强悍的命令</p>
<p>grep ‘eval’ * -R 全盘搜索当前目录所有文件（包含子目录）中带有eval的文件，这条可以快速查找到被挂马的文件。</p>
<p>关于eval，请自行google一句话php代码。</p>
<p>2，查看日志。</p>
<p>不到这个时候不知道日志的可贵啊。</p>
<p>还是以grep命令为主。</p>
<p>思路：负责的站点是Linux，只开了2个端口，一个22和80，外部的执行命令是由从80端口进来，Selinux报httpd访问/boot文件，确认被挂马。而所有的命令执行必须POST提交给执行的文件。所以，查找日志中所有的POST记录。</p>
<p>cat access_log_20120823.log | grep ‘POST’ | grep -v ‘反向查找’ | less，通过grep -v排除正常post，egrep也支持正则，但是太复杂了，看懂不知道怎么运用。</p>
<p>（这里不建议用cat，用tail可以追加一个文件来看）</p>
<p>这可以防患于未然，防止不知道哪天又被人黑进来了。每天看一眼日志。</p>
<p>3，对于网页目录，只给apache用户rx权限，不要给w权限，目录设置要加上rx，不要给w，个别文件除外。所以，配合2使用，Linux下可以快速过滤刷选出来不规则的POST请求。</p>
<h2 id="综合12其实就可以快速查找被黑的页面被修改的文件替换干净的代码">综合1，2其实就可以快速查找被黑的页面，被修改的文件替换干净的代码。</h2>
<p>作者：MiltonZhong
来源：CSDN
原文：https://blog.csdn.net/MiltonZhong/article/details/9717179
版权声明：本文为博主原创文章，转载请附上博文链接！</p>
<pre tabindex="0"><code>@\$\_\(\$\_
\$\_=&#34;&#34;
\${&#39;\_&#39;
@preg\_replace\((&#34;)*\/(\S)*\/e(&#34;)*,\$_POST\[\S*\]
base64\_decode\(\$\_
&#39;e&#39;\.&#39;v&#39;\.&#39;a&#39;\.&#39;l&#39;
&#34;e&#34;\.&#34;v&#34;\.&#34;a&#34;\.&#34;l&#34;
&#34;e&#34;\.&#34;v&#34;\.&#34;a&#34;\.&#34;l&#34;
\$(\w)+\(&#34;\/(\S)+\/e
\(array\)\$_(POST|GET|REQUEST|COOKIE)
\$(\w)+\(\${
@\$\_=
\$\_=\$\_
chr\((\d)+\)\.chr\((\d)+\)
phpjm\.net
cha88\.cn
c99shell
phpspy
Scanners
cmd\.php
str_rot13
webshell
EgY_SpIdEr
tools88\.com
SECFORCE
eval\((&#39;|&#34;)\?&gt;
&#34;&gt;
preg_replace\(&#34;\/\.\*\/e&#34;
assert\((&#39;|&#34;|\s*)\$
eval\(gzinflate\(
gzinflate\(base64_decode\(
eval\(base64_decode\(
eval\(gzuncompress\(
ies&#34;,gzuncompress\(\$
eval\(gzdecode\(
eval\(str_rot13\(
gzuncompress\(base64_decode\(
base64_decode\(gzuncompress\(
eval\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
assert\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
require\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
require_once\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
include\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
include_once\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
call_user_func\((&#34;|&#39;)assert(&#34;|&#39;)
call_user_func\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
\$_(POST|GET|REQUEST|COOKIE)\[([^\]]+)\]\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)\[
echo\(file_get_contents\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
file_put_contents\((&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)\[([^\]]+)\],(&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)
fputs\(fopen\((.+),(&#39;|&#34;)w(&#39;|&#34;)\),(&#39;|&#34;|\s*)\$_(POST|GET|REQUEST|COOKIE)\[
SetHandlerapplication\/x-httpd-php
php_valueauto_prepend_file
</code></pre><pre tabindex="0"><code>find ./ -name &#34;*.php&#34; |xargs egrep &#34;phpspy|c99sh|milw0rm|eval\(gunerpress|eval\(base64_decoolcode|spider_bc&#34;&gt; /tmp/php.txt
grep -r --include=*.php  &#39;[^a-z]eval($_POST&#39; . &gt; /tmp/eval.txt
grep -r --include=*.php  &#39;file_put_contents(.*$_POST\[.*\]);&#39; . &gt; /tmp/file_put_contents.txt
find ./ -name &#34;*.php&#34; -type f -print0 | xargs -0 egrep &#34;(phpspy|c99sh|milw0rm|eval\(gzuncompress\(base64_decoolcode|eval\(base64_decoolcode|spider_bc|gzinflate)&#34; | awk -F: &#39;{print $1}&#39; | sort | uniq
</code></pre>
</section>


    <footer class="article-footer">
    
    <section class="article-tags">
        
            <a href="/tags/eval/">eval</a>
        
            <a href="/tags/php/">PHP</a>
        
    </section>


    </footer>


    
</article>

    

    

<aside class="related-content--wrapper">
    <h2 class="section-title">相关文章</h2>
    <div class="related-content">
        <div class="flex article-list--tile">
            
                
<article class="">
    <a href="/p/sha1-from-java-to-php/">
        
        

        <div class="article-details">
            <h2 class="article-title">sha1 from Java to Php</h2>
        </div>
    </a>
</article>

            
                
<article class="">
    <a href="/p/wordpress%E5%BC%80%E5%8F%91%E7%AC%94%E8%AE%B0/">
        
        

        <div class="article-details">
            <h2 class="article-title">WordPress开发笔记</h2>
        </div>
    </a>
</article>

            
                
<article class="">
    <a href="/p/wordpress%E7%8E%AF%E5%A2%83%E5%8F%8A%E8%B5%84%E6%96%99%E6%95%B4%E7%90%86/">
        
        

        <div class="article-details">
            <h2 class="article-title">WordPress环境及资料整理</h2>
        </div>
    </a>
</article>

            
                
<article class="">
    <a href="/p/%E7%BB%99discuz%E5%8A%A0%E4%B8%8A%E5%9B%BD%E9%99%85%E5%8C%96%E5%8A%9F%E8%83%BD/">
        
        

        <div class="article-details">
            <h2 class="article-title">给Discuz加上国际化功能</h2>
        </div>
    </a>
</article>

            
                
<article class="">
    <a href="/p/api-doc/">
        
        

        <div class="article-details">
            <h2 class="article-title">API DOC</h2>
        </div>
    </a>
</article>

            
        </div>
    </div>
</aside>

     
    
        
    

    <footer class="site-footer">
    <section class="copyright">
        &copy; 
        
            2021 - 
        
        2023 良宏
    </section>
    <section class="powerby">
        Built with <a href="https://gohugo.io/" target="_blank" rel="noopener">Hugo</a>,
        主题 <b><a href="https://github.com/CaiJimmy/hugo-theme-stack" target="_blank" rel="noopener" data-version="3.5.0">Stack</a></b> 由 <a href="https://jimmycai.com" target="_blank" rel="noopener">Jimmy</a> 设计
    </section>
</footer>


    
<div class="pswp" tabindex="-1" role="dialog" aria-hidden="true">

    
    <div class="pswp__bg"></div>

    
    <div class="pswp__scroll-wrap">

        
        <div class="pswp__container">
            <div class="pswp__item"></div>
            <div class="pswp__item"></div>
            <div class="pswp__item"></div>
        </div>

        
        <div class="pswp__ui pswp__ui--hidden">

            <div class="pswp__top-bar">

                

                <div class="pswp__counter"></div>

                <button class="pswp__button pswp__button--close" title="Close (Esc)"></button>

                <button class="pswp__button pswp__button--share" title="Share"></button>

                <button class="pswp__button pswp__button--fs" title="Toggle fullscreen"></button>

                <button class="pswp__button pswp__button--zoom" title="Zoom in/out"></button>

                
                
                <div class="pswp__preloader">
                    <div class="pswp__preloader__icn">
                        <div class="pswp__preloader__cut">
                            <div class="pswp__preloader__donut"></div>
                        </div>
                    </div>
                </div>
            </div>

            <div class="pswp__share-modal pswp__share-modal--hidden pswp__single-tap">
                <div class="pswp__share-tooltip"></div>
            </div>

            <button class="pswp__button pswp__button--arrow--left" title="Previous (arrow left)">
            </button>

            <button class="pswp__button pswp__button--arrow--right" title="Next (arrow right)">
            </button>

            <div class="pswp__caption">
                <div class="pswp__caption__center"></div>
            </div>

        </div>

    </div>

</div><script 
                src="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.min.js"integrity="sha256-ePwmChbbvXbsO02lbM3HoHbSHTHFAeChekF1xKJdleo="crossorigin="anonymous"
                defer
                >
            </script><script 
                src="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe-ui-default.min.js"integrity="sha256-UKkzOn/w1mBxRmLLGrSeyB4e1xbrp4xylgAWb3M42pU="crossorigin="anonymous"
                defer
                >
            </script><link 
                rel="stylesheet" 
                href="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/default-skin/default-skin.min.css"crossorigin="anonymous"
            ><link 
                rel="stylesheet" 
                href="https://cdn.jsdelivr.net/npm/photoswipe@4.1.3/dist/photoswipe.min.css"crossorigin="anonymous"
            >

            </main>
        </div>
        <script 
                src="https://cdn.jsdelivr.net/npm/node-vibrant@3.1.6/dist/vibrant.min.js"integrity="sha256-awcR2jno4kI5X0zL8ex0vi2z&#43;KMkF24hUW8WePSA9HM="crossorigin="anonymous"
                
                >
            </script><script type="text/javascript" src="/ts/main.js" defer></script><script type="text/javascript" src="/ts/custom.js" defer></script>
<script>
    (function () {
        const customFont = document.createElement('link');
        customFont.href = "https://fonts.font.im/css2?family=Lato:wght@300;400;700&display=swap";

        customFont.type = "text/css";
        customFont.rel = "stylesheet";

        
    }());
</script>


    </body>
</html>
